30 November 2017

Is the US behind in cyber-enabled info operations?

Information Systems Technician 3rd Class Jacquelyn Jose, left and Information Systems Technician 2nd Class Aubrey Diehl, assigned to the amphibious assault ship USS Boxer (LHD 4) set up administrator accounts on a virtual server during a network training course provided by Space and Naval Warfare Systems Command (SPAWAR). Within the broader realm of cyberwarfare, the prospect of data and information war is becoming much more prevalent.

Cyber and information warfare are growing closer in relationship given the ease in which cyberspace enables traditional information campaigns. Campaigns such as the hack of the Democratic National Committee attributed to the Russians is a perfect example of a cyber-enabled information operation given the information was stolen through cyber means.

From a U.S. perspective, some military personnel and outside experts assert the U.S. divested some of its capability in the information sphere following the conclusion of the Cold War.

How information-related capabilities — especially through the cyber domain — manifest themselves from a joint command construct, is murky.

When asked during a May hearing before the Senate Armed Services Committee if Cyber Command — the main joint organization tasked with cyber offense and defense — has been asked to conduct cognitive operations, information warfare or the changing of public opinion, its commander, Adm. Michael Rogers, replied “No we have not. That’s not right now in our defined set of responsibilities, per se.”

While declining to offer specifics, Rogers noted that there are things his organization is doing right now in the information space for combatant commanders, citing the fight against the Islamic State group, acknowledging that at the conclusion of the Cold War, the U.S. did away with many of the institutions and skill sets of the information space.

Rogers did concede later in the hearing that Special Operations Command is one of the organizations they work very closely with in this space.

The U.S. military services’ reorientation to more integrated information operations is a recognition of sorts of what adversaries are doing. Russia and China have begun to organize their forces around “information” and doctrinize information operations integrating several facets of information-related capabilities together.

Russia in particular has combined cyber, electronic warfare and kinetic fires in a highly lethal manner.

“If you think about the Ukrainian example, I would argue that the Russians are skillfully integrating all the information-related capabilities and what they actually have been able to do is use those capabilities to find, fix, and in some cases, finish their opponent with information related capabilities,” Maj. Gen. Stephen Fogarty, chief of staff at Cyber Command, said during a panel in October at AUSA’s annual meeting.

This manifests itself in their ability to detect and geolocate forces through social media scraping and signals intelligence, among others. Once detected, they use information related capabilities to create physical effects such as jamming or denying access to capabilities through cyber means. In some cases, they finish with cyber capabilities, as with the massive cyberattack on Ukrainian civilian infrastructure.

Non-state actors such as ISIS have also leveraged the interconnectedness of modern global societies to conduct military operations in support of information operations, a clear distinction from what the U.S. military does, Alex Crowther of the National Defense University, said during a presentation at AUSA.

The U.S. military executes information ops in support of operations, whereas ISIS performs operations in support of information ops, he said. The U.S. military will perform an objective and relay the results back to a central location for dissemination via a news release, while conversely, ISIS will scout an objective prior to an attack to determine the best place from which to capture footage to later post online.

How are U.S. forces organized?

At the joint level, Joint Publication 3-13 provides the roadmap for information operations with definitions and instructions.

These types of operations can include the Military Information Support Operations against the Islamic State group, prosecuted by Central Command. The authorities for these operations stem from authorities that began in 2009 to combat al-Qaida’s and the Taliban’s online propaganda. These activities include operating in the social media environment to combat ISIS propaganda using a robust, online engagement program

Secretary of Defense Jim Mattis in September wrote a memo that endorsed the decision of the chairman of the Joint Chiefs of Staff to designate information as a new seventh joint function.

The services have all in one way or another begun to organize themselves incorporating all aspects of information to include cyber, electronic warfare, intelligence and traditional IO disciplines. This includes the new deputy commandant for information within the Marine Corps and the service’s new Marine Expeditionary Forces Information Group; the Army’s merging of cyber and electronic warfare that crystalized with the service’s first field manual governing cyber and electromagnetic activities; and the Navy’s Information Warfighting Development Center, which will posture the Navy’s information warfare sailors to be better trained, better equipped and better skilled to fight in the information domain.

Righting the ship

Congress has taken aim at the perceived deficiencies within the cyber-enabled information operations space. The conference report rectifying the House and Senate versions of the fiscal year 2018 National Defense Authorization Act that passed has a variety of measures that seek to bolster or integrate cyber-enabled information operations.

The bill includes measures to integrate strategic information operations and cyber-enabled information operations as well as increase cyber and information operations, deterrence and defense. Specifics within these sections require the military to establish a process to integrate strategic information operations and cyber-enabled information operations across the elements of DoD responsible for them, including military deception, public affairs, electronic warfare, and cyber operations; a designated senior official to oversee the implementation of this plan; and enhance joint, regional and combined information operations and strategic communication strategies to counter Chinese and North Korean information warfare, malign influence and propaganda activities.

Some outside experts contend the military must begin to think differently about the cyber domain and it’s implications in both war and peacetime.

“If you come in and say cyber is a capability, cyber is going to be part of every next conflict, it doesn’t lead you to say, ‘Holy crap, they just came to us with a surprising use and all we’ve got is a Cyber Command’ and we started forgetting about information operations and influence operations 15 years ago, 10 years ago,” Jay Healey, a senior research scholar at Columbia University and non-resident senior fellow at the Atlantic Council, said during the CyCon U.S. conference in November.

Healey also expressed concern for Cyber Command’s cadre of cyber warriors, noting he’s not sure DoD has thought through building out the cyber mission force.

“The answer to how are we going to prepare is well we’re going to get to” full operational capability, he said.

How does the U.S. know that FOC is being built to the right capability, Healey asked, as the cyber domain is subject to rapid evolution.

“If influence is going to play a larger role than it has in the last two years, we might say, let’s have cyber influence teams that we interknit within the cyber mission force that are looking for influence operations that are cyber enabled like Sony or DNC hack,” he added.

During the CyCon conference, a pair of Army captains presented a potential vision for how the Army could employ trolls, or persons and/or bots that seek to sow discord online.

While trolling never used to spill into the civilian sphere, there has been a shift in how trolling has been used into a more information focus in the past five years, they said, with the emergence of nation states endorsing trolling at a global scale.

Trolling within a battalion could take the form of defensive operations that would identify, destroy and neutralize foreign trolls operating on the cyber personas of Americans and its allies, their leaders, institutions and persons; and offensive toll operations, that will target individuals or organizations to potentially buy into an agenda or objective.